1. Field of the Invention
The present invention relates generally to network security and, more particularly, to the use of conceptual clustering to identify and eliminate potential security threats.
2. Description of the Related Art
Due to the increased reliance on Information Technology (IT) in the present business arena, there is an ever-increasing need to protect the IT infrastructure, and network security has become a paramount issue in doing so. The IT infrastructure must be protected for a variety of reasons, such as limiting down-time and providing secure data transmission.
However, implementation of security measures is not a simple task. For an IT system, the basic approach to security is to monitor traffic across the IT network to identify patterns that indicate system intrusion. A variety of methodologies may be employed to identify intrusion patterns, such as regression analysis and certain inductive techniques. Generally, these security approaches monitor usage behaviors and requests directed at network ports and resources in order to determine potential intrusion risks. For example, certain requests at certain times of day or night can be indicative of a system attack, and pattern analysis can be employed to make such determinations. However, methods of attack are neither finite nor static; they change over time. Hence, pattern analyses must be updated continually merely to maintain parity, or a semblance of parity, with those who mean to cause harm to the IT infrastructure.
In addition, as the volume of events occurring on a network increases relative to the generally much lower volume of actual intrusions, the difficulty of distinguishing threats from benign activity correspondingly increases. The pattern space can be simplified to make analysis tractable, but if the patterns are too general they will match large amounts of benign activity and trigger false positives, needlessly interrupting system operation, wasting management resources and degrading system reliability.
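The trade-off described above, between a pattern that is general enough to be simple and one that is specific enough to avoid false positives, can be made concrete with a small detector run over constructed event data. The following Python block is an added example and is not part of the original document or the invention it describes; the events (daytime web traffic, a nightly backup host, and a single port sweep), the two rules, and the thresholds are all assumptions chosen for illustration. The "off-hours" rule implements the time-of-day heuristic mentioned earlier, while the "port sweep" rule is a narrower pattern that models the behavior rather than the clock.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One observed request. `malicious` is constructed ground truth used only for scoring."""
    ts: datetime
    src: str
    dst_port: int
    malicious: bool


def build_events():
    """Constructed sample data (not real traffic):
    - 50 internal hosts hit port 443 once per hour during business hours, 30 days
    - one backup host (10.0.0.200) touches ports 22 and 445 at 02:00 and 03:00 nightly
    - one external scanner (203.0.113.7) sweeps 20 ports at 02:30 on a single night
    """
    events = []
    day0 = datetime(2024, 1, 1)
    for d in range(30):
        day = day0 + timedelta(days=d)
        for i in range(1, 51):
            for h in range(9, 18):
                events.append(Event(day.replace(hour=h), f"10.0.0.{i}", 443, False))
        for h in (2, 3):
            for port in (22, 445):
                events.append(Event(day.replace(hour=h), "10.0.0.200", port, False))
    scan_night = day0 + timedelta(days=17, hours=2, minutes=30)
    for port in range(20, 40):
        events.append(Event(scan_night, "203.0.113.7", port, True))
    return events


def rule_off_hours(events, start_hour=0, end_hour=5):
    """Too-general pattern: flag every request seen between start_hour and end_hour."""
    return {e for e in events if start_hour <= e.ts.hour < end_hour}


def _hour_bucket(e):
    return (e.src, e.ts.replace(minute=0, second=0, microsecond=0))


def rule_port_sweep(events, min_ports=5):
    """Narrower pattern: flag all requests from a source that touches at least
    min_ports distinct destination ports within one clock hour."""
    ports_by_bucket = defaultdict(set)
    for e in events:
        ports_by_bucket[_hour_bucket(e)].add(e.dst_port)
    hot = {k for k, ports in ports_by_bucket.items() if len(ports) >= min_ports}
    return {e for e in events if _hour_bucket(e) in hot}


def score(flagged, events):
    """Precision and recall of a flagged set against the constructed labels."""
    tp = sum(1 for e in flagged if e.malicious)
    fp = len(flagged) - tp
    positives = sum(1 for e in events if e.malicious)
    return {
        "flagged": len(flagged),
        "tp": tp,
        "fp": fp,
        "precision": tp / len(flagged) if flagged else 0.0,
        "recall": tp / positives if positives else 0.0,
    }


if __name__ == "__main__":
    evs = build_events()
    print("total events:", len(evs))
    print("off-hours rule:", score(rule_off_hours(evs), evs))
    print("port-sweep rule:", score(rule_port_sweep(evs), evs))
```

Both rules catch every scanner event, but the time-of-day rule also flags every nightly backup request, so six of every seven alerts it raises are false positives even in this small sample; as the benign event volume grows relative to the fixed number of intrusions, that ratio only worsens. The port-sweep rule describes the intrusion behavior itself and so retains its precision as benign volume scales.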
Therefore, a need exists for a method and/or apparatus that utilizes qualitative and quantitative measurements to improve the accuracy of analyzing potential security risks, and that addresses at least some of the problems associated with conventional methods and apparatuses and with current security algorithms.